apiVersion: v1
kind: Pod
metadata:
  name: service-account-to-kubeconfig
spec:
  serviceAccountName: kube-dump
  restartPolicy: Never
  containers:
  - image: docker-registry.intr/utils/kube-dump:master
    command: ["/bin/bash"]
    args: ["/usr/local/bin/script.sh"]
    name: configure-kubectl
    resources:
      limits:
        cpu: 1
        memory: 1024Mi
      requests:
        cpu: 10m
        memory: 10Mi
    env:
    - name: HOME
      value: /home/kube-dump
    securityContext:
      capabilities:
        drop:
        - ALL
      readOnlyRootFilesystem: true
      runAsNonRoot: true
      runAsUser: 1000
      runAsGroup: 998
    volumeMounts:
    - mountPath: /home/kube-dump
      subPath: workdir
      name: workdir
    - mountPath: /usr/local/bin
      name: scripts
    workingDir: /home/kube-dump
  volumes:
  - name: scripts
    configMap:
      name: kube-dump-scripts
  - name: workdir
    emptyDir:
      sizeLimit: 1G
